Also, thanks to Ken for mentioning in the comments that Emerging Threats has Snort rules to alert on these activities. According to Ken, search emerging rules for SIDs 2008990 and 2008991.

Update 3: Nathan shared with us a few pointers to Roundtube developer discussions of the msgimport vulnerability. "Based on http://lists.roundcube.net/mail-archive/dev/2009-01/0000055.html it seems versions prior to 0.2-alpha are vulnerable." Additional messages on the list: 1, 2. "They appears to be providing little information publicly about the exploit but appear to have acknowledged it."